The hardware attestation feature is part of the Android Open Source Project and is fully supported by GrapheneOS. SafetyNet attestation chooses to use it to enforce using Google certified operating systems. However, app developers can use it directly and permit other properly signed operating systems upholding the security model. […] Direct use of the hardware attestation API provides much higher assurance than using SafetyNet so these apps have nothing to lose by using a more meaningful API and supporting a more secure OS.
My banking apps work on GrapheneOS, so I guess they are using hardware attestation instead of SafetyNet. LineageOS won’t pass hardware attestation because it doesn’t support locked bootloader.